The day’s top stories from around the world

Mexico passes Federal Data Protection Act

After nine years of intense efforts and constant lobbying, the Federal Data Protection Act has been finally approved in Mexico. On Tuesday, the Senate unanimously approved the Federal Data Protection Act fulfilling the duty of the Mexican Constitution and international standards on the matter.

In Mexico, the Federal Act on Transparency and Access to Government Public Information (FOIA) recognises the right to personal data protection and establishes the rights and principles of protection that must be observed by all government entities. However, up to this point Mexico did not have a specific legal document on data protection to regulate the private sphere.

Further to the constitutional amendments to articles 16 and 73 that recognized the right to data protection as a fundamental and autonomous right, there was a clear social demand for data protection. Previous amendments pointed out the existence of fundamental principles for which all treatments of personal data should be ruled.

As a result, data protection in Mexico has undergone several developments in recent years. In 2009, the developments reached relevant success with the main constitutional amendments cited and related directly to personal data protection and the privacy regime.

Taking into account the previous data protection initiatives, the Federal Institute of Access to Public Information (IFAI) collaborated with the Congress to create a new and innovative act. The draft of the act was also discussed with representatives of the federal government and with the private sector in order to have a balance between regulators and the regulated entities.

With the Federal Data Protection Act the current Federal Institute of Access to Public Information changes its name to Federal Institute of Access to Information and Data Protection. Therefore, from now on, the institute´s jurisdiction will expand to include the protection of personal information of private individuals and entities as well as the access to information right. With this act and the FOIA, the institute becomes the guarantee institution for data protection in both public and private spheres at the federal level in Mexico.

In this sense, the newly born act protects third-generation rights and takes into account the development of the international recognized principles of data protection. Furthermore, it protects explicitly sensitive personal data and incorporates OECD and APEC´s Privacy Framework elements as well as establishes a free and speedy procedure to exercise the rights of individuals (access, rectification, cancellation and opposition). It also includes a procedure of tutelage for the rights of the citizens and has the attribution to impose fines (taking into consideration economic capacity of the controller, technology, type of data and so on).

The Mexican model provides balance between free movement of data for trade whilst protecting information. Hence, the model is flexible and represents an effective tool to increase economic transactions making Mexico more competitive in the economic community.

Last but not least, with the Federal Data Protection Act and the FOIA, Mexico will continue to engage in international and regional relations on privacy and data protection in order to not only keep pace with the latest recommendations, policies and best practices, but also to cooperate at the multilateral and regional level in the enforcement of data protection laws as a result of cross-border online activities.

Mexico walks through the path of democracy and the right to personal data protection enforcement is of the utmost importance. Along with the major improvements in the matter, this institute now counts with the legal structure to protect personal data protection.

Lina Ornelas is general director of classified information and data protection at the Federal Institute of Access to Public Information in Mexico. She may be reached at lina.ornelas@ifai.org.mx.

0 Comments

Related

In the third installment of this series looking at monitoring programs across industries, including healthcare, IT, finance, government and telecom, Deidre Rodriguez, CIPP/US, talks with JC Cannon, CIPP/US, CIPT, about monitoring a privacy program in the IT industry. "Having comprehensive rules, training and procedures in place are not as important during an audit as being able to prove that they are working," Cannon says. Cannon provides tips for those developing monitoring programs and highlig...
Read more

Despite the controversy surrounding the Federal Communications Commission’s (FCC’s) Net Neutrality Order, “it is consistent with several decades of FCC efforts to regulate facilities-based transmission providers in order to protect competition,” writes William Baker, CIPP/US, who has participated in many an FCC proceeding. In this first of a two-part series for Privacy Tracker, Baker outlines the important aspects of the Net Neutrality Order and talks about the FCC’s history in regulating inform...
Read more

The Federal Communications Commission (FCC) is poised to craft new rules that could limit broadband providers’ ability to share information about users’ web activity with advertisers, MediaPost reports. The FCC’s Wireline Competition and Consumer & Governmental Affairs Bureaus will convene a workshop on the privacy rights of broadband users on April 28 in Washington, DC. The FCC said the 2015 Open Internet Order applies Section 222 of the Communications Act to broadband carriers, and has not...
Read more

Harvard Berkman Fellow and Co3 CTO Bruce Schneier believes we now live in a mass surveillance society of our own making, as we've traded the data that allows us to be constantly tracked in exchange for convenience and services. But, he argues, we don't have to. In his new book, Data and Goliath, he offers suggestions for reforming surveillance-based business models and the systems of government surveillance and offers consumers ways to step outside surveillance culture. In this video of a recent...
Read more

According to the Network Advertising Initiative (NAI) annual compliance report released Monday, all 92 of its members “substantially complied” with the NAI’s consumer privacy code in 2014, KatyontheHill reports. The code requires ad networks to post data collection and retention practices and give consumers the option to opt out of tracking. The NAI says the minor code violations were unintentional and were “resolved quickly.” The ad network industry considers self-regulatory programs like this ...
Read more

Tags

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.Learn more

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.